<?php

uses('sanitize');

class CommentsController extends AppController {

	var $name = 'Comments';
	var $helpers = array('Html', 'Form', 'ajax' );
	var $components = array('Acl', 'Security', 'RequestHandler');
	
	function beforeFilter()
	{
		$this->Security->requirePost('ajaxadd');
		//$this->Security->requireAuth('order');
		$this->Security->blackHoleCallback = 'invalid';
	}

	function invalid()
	{
		header ('HTTP/x 400 Bad Request');
		echo('<h1>Upward : erreur 400</h1>');
		echo('<p>Un probleme est servenue, merci de renvoyer le formulaire une nouvelle fois.</p>');
		die;
	}
	
//actions guest
/*	function index() {
		$this->Comment->recursive = 0;
		$this->set('comments', $this->Comment->findAll());
	}

	function view($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Comment.');
			$this->redirect('/comment/index');
		}
		$this->set('comment', $this->Comment->read(null, $id));
	}*/

	//ajax - add from posts/view/$id - require Post
	function ajaxadd(){
		//$_SERVER['REMOTE_ADDR']
		if(empty($this->data)) {
			$this->data['Comment']['post_id'] = $this->params['url']['post_id'];
			$this->render('ajaxadd', 'ajax');
		}else{
			$san = new Sanitize();
			$this->data['Comment']['author'] = $san->paranoid($this->data['Comment']['author'], array('.', '-', '+', ':', ' '));
			$this->data['Comment']['email'] = $san->paranoid($this->data['Comment']['email'], array('@', '.', '-', '+'));
			$this->data['Comment']['website'] = $san->paranoid($this->data['Comment']['website'], array('.', '-', '+', '/', ':'));
			$this->data['Comment']['content'] = $san->sql($this->data['Comment']['content']);
			
			$this->data['Comment']['ip'] = $_SERVER['REMOTE_ADDR'];
			
			$this->cleanUpFields();
			if($this->Comment->save($this->data)) {
				//ACL
				$aco = new Aco();
				$aco->create($this->Comment->id, 0, 'comment-'.$this->Comment->id);
				$this->Acl->allow('dealers', 'comment-'.$this->Comment->id);
				$this->Acl->allow('admins', 'comment-'.$this->Comment->id);
				
				$this->Session->setFlash('The Comment has been saved');
				$this->set('post_id', $this->data['Comment']['post_id']);
				$this->set('closeajax', true);
				$this->render('ajaxadd','ajax');
			} else {
				$this->Session->setFlash('Please correct errors below.');
				$this->render('ajaxadd','ajax');
			}
		}
	}
	
/*	function add() {
		if(empty($this->data)) {
			//$this->set('posts', $this->Comment->Post->generateList());
			//$this->render();
			$this->Session->setFlash('Billet non spécifié.');
			$this->redirect('/posts/index');
		} else {
			$san = new Sanitize();
			$this->data['Comment']['author'] = $san->paranoid($this->data['Comment']['author'], array('.', '-', '+', ':', ' '));
			$this->data['Comment']['email'] = $san->paranoid($this->data['Comment']['email'], array('@', '.', '-', '+'));
			$this->data['Comment']['website'] = $san->paranoid($this->data['Comment']['website'], array('.', '-', '+', '/', ':'));
			$this->data['Comment']['content'] = $san->html($this->data['Comment']['content']);
			
			$this->cleanUpFields();
			if($this->Comment->save($this->data)) {
				$this->Session->setFlash('The Comment has been saved');
				$this->redirect('/posts/view/'.$this->data['Comment']['post_id']);
			} else {
				$this->Session->setFlash('Please correct errors below.');
			}
		}
	}*/

//actions dealers
	function edit($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Comment');
			$this->redirect('/posts/index');
		}
		if(!$this->Acl->check($this->Session->read('user'), 'comment-'.$id, 'update')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/posts/index');
		}elseif(empty($this->data)) {
			$this->data = $this->Comment->read(null, $id);
			$this->set('posts', $this->Comment->Post->generateList());
		} else {
			$san = new Sanitize();
			$this->data['Comment']['author'] = $san->paranoid($this->data['Comment']['author'], array('.', '-', '+', ':', ' '));
			$this->data['Comment']['email'] = $san->paranoid($this->data['Comment']['email'], array('@', '.', '-', '+'));
			$this->data['Comment']['website'] = $san->paranoid($this->data['Comment']['website'], array('.', '-', '+', '/', ':'));
			$this->data['Comment']['content'] = $san->sql($this->data['Comment']['content']);
			
			$this->cleanUpFields();
			if($this->Comment->save($this->data)) {
				$this->Session->setFlash('The Comment has been saved');
				$this->redirect('/posts/view/'.$this->data['Comment']['post_id']);
			} else {
				$this->Session->setFlash('Please correct errors below.');
				$this->set('posts', $this->Comment->Post->generateList());
			}
		}
	}

	function delete($id = null) {
		if(!$id) {
			$this->Session->setFlash('Invalid id for Comment');
			$this->redirect('/posts/index');
		}
		if(!$this->Acl->check($this->Session->read('user'), 'comment-'.$id, 'delete')){
			$this->Session->setFlash('Action non autorisée');
			$this->redirect('/posts/index');
		}elseif($this->Comment->del($id)) {
			//ACL
			$aco = new Aco();
			$aco->delete('comment-'.$id);
			
			$this->Session->setFlash('The Comment deleted: id '.$id.'');
			$this->redirect('/posts/index');
		}
	}

}
?>